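<?php
/*
 * Post-registration landing page.
 *
 * Looks up the signed-in user's email in the Preapproved table. On a match the
 * preapproval row is consumed and the Users row is marked approved with the
 * preassigned position; otherwise the user is told the application is pending.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. Moving to
 * PDO or mysqli prepared statements would replace the sprintf()/escape pattern
 * below; that depends on connectSQLServer() and dbquery() in library.php, which
 * are not visible from this file.
 */
session_start();
include "library.php";

// Logout: tear down the session and redirect. header() alone does not end the
// request, so without exit the rest of this page (including the queries below)
// would still run against the just-emptied session.
if (isset($_POST["logout"])) {
	session_unset();
	session_destroy();
	header("Location:home.php");
	exit;
}

// Everything below acts on the session identity. With no email/user in the
// session the lookup would run against an empty string and, on a match, the
// preapproval row would be deleted while the UPDATE matched no user.
if (!isset($_SESSION["email"], $_SESSION["user"])) {
	header("Location:home.php");
	exit;
}

// NOTE(review): database credentials are hard-coded here with an empty
// password; load them from configuration kept outside the web root.
$pwdb = connectSQLServer("wendlc_teamsci","sdd","");
mysql_select_db("wendlc_TeamSci");

print_header(1,101);

// SQL-escaped copies of the session values, built once and reused.
// NOTE(review): htmlspecialchars()/stripslashes() are not SQL defences and they
// change the value being compared. They are kept only so the lookup keeps
// matching rows that were presumably stored with the same encoding - confirm
// against the registration code before removing them.
$emailSql = mysql_real_escape_string(stripslashes(htmlspecialchars($_SESSION["email"])), $pwdb);
$userSql  = mysql_real_escape_string(stripslashes(htmlspecialchars($_SESSION["user"])), $pwdb);

// The first name is echoed into the page, so encode it for the HTML context.
// double_encode=false leaves already-encoded entities alone in case the value
// was stored pre-encoded.
$fname = isset($_SESSION["fname"])
	? htmlspecialchars($_SESSION["fname"], ENT_QUOTES, 'UTF-8', false)
	: "";

// Is this user's email on the preapproved list?
$queryEmail = sprintf("SELECT * FROM Preapproved WHERE Email = '%s'", $emailSql);
$resultsEmail = dbquery($queryEmail);

if (mysql_num_rows($resultsEmail) != 0) {
	// Email is preapproved.
	$EmailOb = mysql_fetch_object($resultsEmail);

	// Consume the preapproval row.
	// NOTE(review): DELETE and UPDATE are not atomic; if the UPDATE fails the
	// preapproval is already gone. Consider a transaction or updating first.
	$queryDel = sprintf("DELETE FROM Preapproved WHERE Email = '%s'", $emailSql);
	dbquery($queryDel);

	// Mark the account approved and assign the preapproved position.
	$queryUpdate = sprintf("UPDATE Users SET Approved = 1, Position = '%s' WHERE UserID = '%s'",
		mysql_real_escape_string(stripslashes(htmlspecialchars($EmailOb->Pos)), $pwdb),
		$userSql);
	dbquery($queryUpdate);

	// Position 2 gets the lead-researcher message; any other value the
	// researcher message.
	if ($EmailOb->Pos == 2) {
		echo "Thank you, ".$fname.". Your account has been preapproved by administrator as a LEAD RESEARCHER. Enjoy.";
	} else {
		echo "Thank you, ".$fname.". Your account has been preapproved by administrator as a RESEARCHER. Enjoy.";
	}
} else {
	// Not preapproved: the application will be reviewed by an administrator
	// and the user notified by email.
	echo "Thank you, ".$fname.". Email will be sent later with decision.";
}
print_footer();
?>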